Malicious Entries in Search Engine Results


This topic is locked
20 replies to this topic

#1 bark.chris (Members, 24 posts)

Posted 08 April 2009 - 06:28 PM

Hi All,

Thank you for taking the time to read my post.

I am unable to rid my machine of a malware/virus that is targeting my search results in IE 7 and/or Firefox 3.08 when I search with Google or Yahoo. A search, for example "elephant", includes dummy results to various unrelated sites (usually some kind of marketplace), which will redirect again if I click on them.

Before posting, I renamed Firefox.exe as firefox1.exe, and this seemed to solve the problem (for Firefox), which suggests to me that there is code targeting the browsers on my machine.

I have already tried scanning in normal and safe modes with AVG Free 8.0, Malwarebytes' Anti-Malware and Spybot - Search & Destroy.

Any assistance would be appreciated. Thank you,

bark.chris


DDS.txt follows:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Chris Barker at 19:06:14.78 on Wed 04/08/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1211 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Mozilla Firefox\firefox1.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Glary Utilities\Integrator.exe
C:\Program Files\Glary Utilities\procmgr.exe
C:\Documents and Settings\Chris Barker\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C5F7A735-70F1-477F-8C36-6FF3C736017B} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [SysUpd] 0000
dRun: [WindowsUpd] 0000
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\chrisb~1\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149470612359
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232746723187
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.adoramapix.com/components/aurigma/ImageUploader4.cab
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
AppInit_DLLs: ymctmq.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-11 64160]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-5-23 85760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-29 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-29 27656]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-5-23 4736]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-7-13 4442]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-2 298264]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-7-24 94208]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [2005-11-18 58624]
R3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [2005-8-5 73600]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2007-1-1 25773]

=============== Created Last 30 ================

2009-04-08 00:04 113,222 -------- c:\windows\system32\dllcache\zoneclim.dll
2009-04-08 00:04 29,760 -------- c:\windows\system32\dllcache\znetm.dll
2009-04-08 00:04 13,894 -------- c:\windows\system32\dllcache\zonelibm.dll
2009-04-08 00:04 41,029 -------- c:\windows\system32\dllcache\zcorem.dll
2009-04-08 00:04 36,937 -------- c:\windows\system32\dllcache\zclientm.exe
2009-04-08 00:04 4,677 -------- c:\windows\system32\dllcache\zeeverm.dll
2009-04-08 00:04 116,224 -------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-08 00:04 23,040 -------- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-04-08 00:04 17,408 -------- c:\windows\system32\dllcache\xrxscnui.dll
2009-04-08 00:04 27,648 -------- c:\windows\system32\dllcache\xrxftplt.exe
2009-04-08 00:02 53,760 -------- c:\windows\system32\dllcache\wiamsmud.dll
2009-04-08 00:01 19,528 -------- c:\windows\system32\dllcache\w840nd.sys
2009-04-08 00:00 113,762 -------- c:\windows\system32\dllcache\usrpda.sys
2009-04-07 23:59 26,624 -------- c:\windows\system32\dllcache\umaxu22.dll
2009-04-07 23:59 69,632 -------- c:\windows\system32\dllcache\umaxu12.dll
2009-04-07 23:59 50,688 -------- c:\windows\system32\dllcache\umaxscan.dll
2009-04-07 23:59 22,912 -------- c:\windows\system32\dllcache\umaxpcls.sys
2009-04-07 23:59 50,176 -------- c:\windows\system32\dllcache\umaxp60.dll
2009-04-07 23:59 47,616 -------- c:\windows\system32\dllcache\umaxcam.dll
2009-04-07 23:59 211,968 -------- c:\windows\system32\dllcache\um54scan.dll
2009-04-07 23:59 216,064 -------- c:\windows\system32\dllcache\um34scan.dll
2009-04-07 23:59 103,424 -------- c:\windows\system32\dllcache\uihelper.dll
2009-04-07 23:59 44,672 -------- c:\windows\system32\dllcache\uagp35.sys
2009-04-07 23:58 11,520 -------- c:\windows\system32\dllcache\twotrack.sys
2009-04-07 23:58 14,336 -------- c:\windows\system32\dllcache\tsprof.exe
2009-04-07 23:58 166,784 -------- c:\windows\system32\dllcache\tridxpm.sys
2009-04-07 23:58 525,568 -------- c:\windows\system32\dllcache\tridxp.dll
2009-04-07 23:58 159,232 -------- c:\windows\system32\dllcache\tridkbm.sys
2009-04-07 23:58 440,576 -------- c:\windows\system32\dllcache\tridkb.dll
2009-04-07 23:58 222,336 -------- c:\windows\system32\dllcache\trid3dm.sys
2009-04-07 23:58 315,520 -------- c:\windows\system32\dllcache\trid3d.dll
2009-04-07 23:58 34,375 -------- c:\windows\system32\dllcache\tpro4.sys
2009-04-07 23:58 42,496 -------- c:\windows\system32\dllcache\tp4res.dll
2009-04-07 23:58 82,432 -------- c:\windows\system32\dllcache\tp4mon.exe
2009-04-07 23:56 37,961 -------- c:\windows\system32\dllcache\tdk100b.sys
2009-04-07 23:56 21,896 -------- c:\windows\system32\dllcache\tdipx.sys
2009-04-07 23:56 13,192 -------- c:\windows\system32\dllcache\tdasync.sys
2009-04-07 23:56 30,464 -------- c:\windows\system32\dllcache\tbatm155.sys
2009-04-07 23:56 7,040 -------- c:\windows\system32\dllcache\tandqic.sys
2009-04-07 23:56 36,640 -------- c:\windows\system32\dllcache\t2r4mini.sys
2009-04-07 23:56 172,768 -------- c:\windows\system32\dllcache\t2r4disp.dll
2009-04-07 23:56 94,293 -------- c:\windows\system32\dllcache\sxports.dll
2009-04-07 23:56 103,936 -------- c:\windows\system32\dllcache\sx.sys
2009-04-07 23:56 3,968 -------- c:\windows\system32\dllcache\swusbflt.sys
2009-04-07 23:56 10,240 -------- c:\windows\system32\dllcache\swpidflt.dll
2009-04-07 23:56 10,240 -------- c:\windows\system32\dllcache\swpdflt2.dll
2009-04-07 23:54 61,824 -------- c:\windows\system32\dllcache\speed.sys
2009-04-07 23:53 147,200 -------- c:\windows\system32\dllcache\smidispb.dll
2009-04-07 23:52 129,535 -------- c:\windows\system32\dllcache\slnt7554.sys
2009-04-07 23:51 101,760 -------- c:\windows\system32\dllcache\sis300ip.sys
2009-04-07 23:50 10,880 -------- c:\windows\system32\dllcache\scsiscan.sys
2009-04-07 23:50 57,856 -------- c:\windows\system32\dllcache\EXCH_scripto.dll
2009-04-07 23:50 11,648 -------- c:\windows\system32\dllcache\scsiprnt.sys
2009-04-07 23:50 17,280 -------- c:\windows\system32\dllcache\scr111.sys
2009-04-07 23:50 16,640 -------- c:\windows\system32\dllcache\scmstcs.sys
2009-04-07 23:50 23,936 -------- c:\windows\system32\dllcache\sccmusbm.sys
2009-04-07 23:50 23,936 -------- c:\windows\system32\dllcache\sccmn50m.sys
2009-04-07 23:50 43,136 -------- c:\windows\system32\dllcache\sbp2port.sys
2009-04-07 23:50 495,616 -------- c:\windows\system32\dllcache\sblfx.dll
2009-04-07 23:50 75,392 -------- c:\windows\system32\dllcache\s3savmxm.sys
2009-04-07 23:50 245,632 -------- c:\windows\system32\dllcache\s3savmx.dll
2009-04-07 23:50 77,824 -------- c:\windows\system32\dllcache\s3sav4m.sys
2009-04-07 23:48 79,872 -------- c:\windows\system32\dllcache\rwia001.dll
2009-04-07 23:47 714,762 -------- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-04-07 23:46 83,748 -------- c:\windows\system32\dllcache\prcp.nls
2009-04-07 23:45 259,328 -------- c:\windows\system32\dllcache\perm3dd.dll
2009-04-07 23:44 39,424 -------- c:\windows\system32\dllcache\ovcoms.exe
2009-04-07 23:44 20,480 -------- c:\windows\system32\dllcache\ovcomc.dll
2009-04-07 23:44 351,616 -------- c:\windows\system32\dllcache\ovcodek2.sys
2009-04-07 23:44 116,736 -------- c:\windows\system32\dllcache\ovcodec2.dll
2009-04-07 23:44 31,872 -------- c:\windows\system32\dllcache\ovce.sys
2009-04-07 23:44 28,032 -------- c:\windows\system32\dllcache\ovcd.sys
2009-04-07 23:44 48,000 -------- c:\windows\system32\dllcache\ovcam2.sys
2009-04-07 23:44 25,088 -------- c:\windows\system32\dllcache\ovca.sys
2009-04-07 23:44 54,186 -------- c:\windows\system32\dllcache\otcsercb.sys
2009-04-07 23:44 43,689 -------- c:\windows\system32\dllcache\otceth5.sys
2009-04-07 23:44 27,209 -------- c:\windows\system32\dllcache\otc06x5.sys
2009-04-07 23:42 39,264 -------- c:\windows\system32\dllcache\neo20xx.sys
2009-04-07 23:42 60,480 -------- c:\windows\system32\dllcache\neo20xx.dll
2009-04-07 23:42 15,872 -------- c:\windows\system32\dllcache\ne2000.sys
2009-04-07 23:42 10,880 -------- c:\windows\system32\dllcache\ndisip.sys
2009-04-07 23:42 85,376 -------- c:\windows\system32\dllcache\nabtsfec.sys
2009-04-07 23:42 91,488 -------- c:\windows\system32\dllcache\n9i3disp.dll
2009-04-07 23:42 27,936 -------- c:\windows\system32\dllcache\n9i3d.sys
2009-04-07 23:42 33,088 -------- c:\windows\system32\dllcache\n9i128v2.sys
2009-04-07 23:42 59,104 -------- c:\windows\system32\dllcache\n9i128v2.dll
2009-04-07 23:42 13,664 -------- c:\windows\system32\dllcache\n9i128.sys
2009-04-07 23:42 35,392 -------- c:\windows\system32\dllcache\n9i128.dll
2009-04-07 23:42 128,000 -------- c:\windows\system32\dllcache\n100325.sys
2009-04-07 23:42 52,255 -------- c:\windows\system32\dllcache\n1000nt5.sys
2009-04-07 23:40 35,200 -------- c:\windows\system32\dllcache\msgame.sys
2009-04-07 23:39 48,768 -------- c:\windows\system32\dllcache\maestro.sys
2009-04-07 23:38 25,065 -------- c:\windows\system32\dllcache\lmndis3.sys
2009-04-07 23:37 5,632 -------- c:\windows\system32\dllcache\kbd103.dll
2009-04-07 23:36 372,824 -------- c:\windows\system32\dllcache\iconf32.dll
2009-04-07 23:36 100,992 -------- c:\windows\system32\dllcache\icam5usb.sys
2009-04-07 23:36 20,480 -------- c:\windows\system32\dllcache\icam5ext.dll
2009-04-07 23:36 45,056 -------- c:\windows\system32\dllcache\icam5com.dll
2009-04-07 23:36 154,496 -------- c:\windows\system32\dllcache\icam4usb.sys
2009-04-07 23:36 61,952 -------- c:\windows\system32\dllcache\icam4ext.dll
2009-04-07 23:36 91,136 -------- c:\windows\system32\dllcache\icam4com.dll
2009-04-07 23:36 26,624 -------- c:\windows\system32\dllcache\icam3ext.dll
2009-04-07 23:36 141,056 -------- c:\windows\system32\dllcache\icam3.sys
2009-04-07 23:36 38,528 -------- c:\windows\system32\dllcache\ibmvcap.sys
2009-04-07 23:36 109,085 -------- c:\windows\system32\dllcache\ibmtrp.sys
2009-04-07 23:36 100,936 -------- c:\windows\system32\dllcache\ibmtok.sys
2009-04-07 23:36 9,216 -------- c:\windows\system32\dllcache\ibmsgnet.dll
2009-04-07 23:34 115,807 -------- c:\windows\system32\dllcache\hsf_fsks.sys
2009-04-07 23:33 126,976 -------- c:\windows\system32\dllcache\hpgt34tk.dll
2009-04-07 23:32 322,432 -------- c:\windows\system32\dllcache\g400m.sys
2009-04-07 23:31 22,090 -------- c:\windows\system32\dllcache\fem556n5.sys
2009-04-07 23:30 72,192 -------- c:\windows\system32\dllcache\es1969.sys
2009-04-07 23:29 77,386 -------- c:\windows\system32\dllcache\el656nd5.sys
2009-04-07 23:28 6,729 -------- c:\windows\system32\dllcache\disrvci.dll
2009-04-07 23:27 27,136 -------- c:\windows\system32\dllcache\cyzcoins.dll
2009-04-07 23:26 49,182 -------- c:\windows\system32\dllcache\cem56n5.sys
2009-04-07 23:25 19,456 -------- c:\windows\system32\dllcache\brbidiif.dll
2009-04-07 23:24 56,623 -------- c:\windows\system32\dllcache\ati1btxx.sys
2009-04-07 23:23 598,071 -------- c:\windows\system32\dllcache\fpmmc.dll
2009-04-07 19:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-07 19:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-06 16:04 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-05 15:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-05 15:49 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-05 15:49 <DIR> --d----- c:\docume~1\chrisb~1\applic~1\SUPERAntiSpyware.com
2009-04-05 15:03 <DIR> --d----- c:\program files\Trend Micro
2009-04-01 23:54 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-31 12:24 <DIR> --d----- c:\docume~1\chrisb~1\applic~1\GlarySoft
2009-03-31 12:07 <DIR> --d----- c:\program files\Glary Utilities
2009-03-28 22:11 430,080 -------- c:\windows\system32\ZSHP1018.EXE
2009-03-28 22:11 128,380 -------- c:\windows\system32\hp1018.img
2009-03-28 22:11 106,496 -------- c:\windows\system32\ZSPOOL.DLL
2009-03-28 22:11 102,400 -------- c:\windows\system32\ZLhp1018.DLL
2009-03-28 22:11 61,440 -------- c:\windows\system32\ZIMF.DLL
2009-03-28 22:11 53,248 -------- c:\windows\system32\ZTAG.DLL
2009-03-28 22:11 10,632 -------- c:\windows\system32\ZSHP1018.CHM
2009-03-28 22:10 <DIR> --d----- C:\hp
2009-03-28 18:40 <DIR> --d----- c:\program files\MediaMonkey
2009-03-22 18:51 <DIR> --d----- C:\Icons
2009-03-16 23:02 161,792 -------- c:\windows\SWREG.exe
2009-03-16 23:02 98,816 -------- c:\windows\sed.exe
2009-03-16 15:50 <DIR> --d----- c:\program files\ArchVision
2009-03-14 11:49 <DIR> --dshr-- C:\cmdcons
2009-03-11 09:27 15,688 -------- c:\windows\system32\lsdelete.exe
2009-03-11 08:16 64,160 -------- c:\windows\system32\drivers\Lbd.sys
2009-03-10 23:53 <DIR> --d----- c:\windows\setup.pss
2009-03-10 23:53 <DIR> --d----- c:\windows\setupupd
2009-03-09 23:13 15,504 -------- c:\windows\system32\drivers\mbam.sys
2009-03-09 23:13 38,496 -------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-09 23:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-04-05 00:00 5,427 -------- c:\windows\system32\EGATHDRV.SYS
2009-03-04 17:23 548 ---shr-- c:\docume~1\alluse~1\applic~1\winpage.sys
2009-02-09 06:19 1,846,272 -------- c:\windows\system32\win32k.sys
2009-02-09 06:19 1,846,272 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-02 22:38 10,520 -------- c:\windows\system32\avgrsstx.dll
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2007-10-20 12:15 40,048 -------- c:\docume~1\chrisb~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 19:06:57.32 ===============


#2 teacup61 (Malware Response Team, 17,075 posts)

Posted 20 April 2009 - 07:11 AM

Hello bark.chris,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea

Edited by teacup61, 20 April 2009 - 07:14 AM.


#3 bark.chris (Topic Starter)

Posted 24 April 2009 - 09:19 AM

Hi Teacup,

Thanks for your response.
Below is the fresh HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:02 AM, on 4/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox1.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [SysUpd] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WindowsUpd] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SysUpd] (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149470612359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232746723187
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.adoramapix.com/components/aurig...geUploader4.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ymctmq.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: gebyx - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11362 bytes

#4 teacup61 (Malware Response Team)

Posted 24 April 2009 - 12:54 PM

Jello,

You're welcome.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If ComboFix will not run the first time, then rename ComboFix.exe to chrisbark.exe and try it again. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#5 bark.chris (Topic Starter)

Posted 26 April 2009 - 12:57 PM

Hi Teacup,

Please find below Combofix and Hijack This reports, as requested.

Thank you,

bark.chris

ComboFix 09-04-25.A3 - Chris Barker 04/26/2009 13:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1389 [GMT -4:00]
Running from: c:\documents and settings\Chris Barker\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-20 13:59 . 2009-04-20 13:59 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-20 13:54 . 2009-04-20 13:54 -------- d-----w c:\documents and settings\Chris Barker\Application Data\MSNInstaller
2009-04-11 14:06 . 2009-04-12 13:19 0 ----a-w c:\windows\Cmehun.bin
2009-04-11 14:06 . 2009-04-11 14:06 -------- d-----w c:\documents and settings\Chris Barker\Local Settings\Application Data\{160B857E-5F13-40E7-8A75-E91CABEBB3B6}
2009-04-11 14:06 . 2009-04-12 13:19 408 ----a-w c:\windows\Hliguvozer.dat
2009-04-08 04:04 . 2004-08-04 12:00 29760 ------w c:\windows\system32\dllcache\znetm.dll
2009-04-08 04:04 . 2004-08-04 12:00 13894 ------w c:\windows\system32\dllcache\zonelibm.dll
2009-04-08 04:04 . 2004-08-04 12:00 113222 ------w c:\windows\system32\dllcache\zoneclim.dll
2009-04-08 04:04 . 2004-08-04 12:00 4677 ------w c:\windows\system32\dllcache\zeeverm.dll
2009-04-08 04:04 . 2004-08-04 12:00 41029 ------w c:\windows\system32\dllcache\zcorem.dll
2009-04-08 04:04 . 2004-08-04 12:00 36937 ------w c:\windows\system32\dllcache\zclientm.exe
2009-04-08 04:04 . 2004-08-04 04:56 116224 ------w c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-08 04:04 . 2001-08-18 02:36 23040 ------w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-04-08 04:04 . 2001-08-18 02:36 17408 ------w c:\windows\system32\dllcache\xrxscnui.dll
2009-04-08 04:04 . 2001-08-18 02:37 27648 ------w c:\windows\system32\dllcache\xrxftplt.exe
2009-04-08 04:02 . 2001-08-18 02:36 53760 ------w c:\windows\system32\dllcache\wiamsmud.dll
2009-04-08 04:01 . 2001-08-17 16:13 19528 ------w c:\windows\system32\dllcache\w840nd.sys
2009-04-08 04:00 . 2001-08-17 17:28 113762 ------w c:\windows\system32\dllcache\usrpda.sys
2009-04-08 03:59 . 2001-08-18 02:36 26624 ------w c:\windows\system32\dllcache\umaxu22.dll
2009-04-08 03:59 . 2001-08-18 02:36 69632 ------w c:\windows\system32\dllcache\umaxu12.dll
2009-04-08 03:59 . 2001-08-18 02:36 50688 ------w c:\windows\system32\dllcache\umaxscan.dll
2009-04-08 03:59 . 2001-08-17 17:58 22912 ------w c:\windows\system32\dllcache\umaxpcls.sys
2009-04-08 03:59 . 2001-08-18 02:36 50176 ------w c:\windows\system32\dllcache\umaxp60.dll
2009-04-08 03:59 . 2001-08-18 02:36 47616 ------w c:\windows\system32\dllcache\umaxcam.dll
2009-04-08 03:59 . 2001-08-18 02:36 211968 ------w c:\windows\system32\dllcache\um54scan.dll
2009-04-08 03:59 . 2001-08-18 02:36 216064 ------w c:\windows\system32\dllcache\um34scan.dll
2009-04-08 03:59 . 2004-08-04 12:00 103424 ------w c:\windows\system32\dllcache\uihelper.dll
2009-04-08 03:59 . 2004-08-04 03:07 44672 ------w c:\windows\system32\dllcache\uagp35.sys
2009-04-08 03:58 . 2001-08-17 17:48 11520 ------w c:\windows\system32\dllcache\twotrack.sys
2009-04-08 03:58 . 2004-08-04 12:00 14336 ------w c:\windows\system32\dllcache\tsprof.exe
2009-04-08 03:58 . 2001-08-17 16:51 166784 ------w c:\windows\system32\dllcache\tridxpm.sys
2009-04-08 03:58 . 2001-08-18 02:36 525568 ------w c:\windows\system32\dllcache\tridxp.dll
2009-04-08 03:58 . 2001-08-17 16:51 159232 ------w c:\windows\system32\dllcache\tridkbm.sys
2009-04-08 03:58 . 2001-08-17 18:56 440576 ------w c:\windows\system32\dllcache\tridkb.dll
2009-04-08 03:58 . 2001-08-17 16:51 222336 ------w c:\windows\system32\dllcache\trid3dm.sys
2009-04-08 03:58 . 2001-08-17 18:56 315520 ------w c:\windows\system32\dllcache\trid3d.dll
2009-04-08 03:58 . 2001-08-17 16:12 34375 ------w c:\windows\system32\dllcache\tpro4.sys
2009-04-08 03:58 . 2001-08-18 02:35 42496 ------w c:\windows\system32\dllcache\tp4res.dll
2009-04-08 03:58 . 2004-08-04 04:56 82432 ------w c:\windows\system32\dllcache\tp4mon.exe
2009-04-08 03:56 . 2004-08-04 12:00 21896 ------w c:\windows\system32\dllcache\tdipx.sys
2009-04-08 03:56 . 2001-08-17 16:13 37961 ------w c:\windows\system32\dllcache\tdk100b.sys
2009-04-08 03:56 . 2004-08-04 12:00 13192 ------w c:\windows\system32\dllcache\tdasync.sys
2009-04-08 03:56 . 2001-08-17 17:49 30464 ------w c:\windows\system32\dllcache\tbatm155.sys
2009-04-08 03:56 . 2001-08-17 17:52 7040 ------w c:\windows\system32\dllcache\tandqic.sys
2009-04-08 03:56 . 2001-08-17 16:50 36640 ------w c:\windows\system32\dllcache\t2r4mini.sys
2009-04-08 03:56 . 2001-08-17 18:56 172768 ------w c:\windows\system32\dllcache\t2r4disp.dll
2009-04-08 03:56 . 2001-08-18 02:36 94293 ------w c:\windows\system32\dllcache\sxports.dll
2009-04-08 03:56 . 2001-08-17 17:50 103936 ------w c:\windows\system32\dllcache\sx.sys
2009-04-08 03:56 . 2001-08-17 18:02 3968 ------w c:\windows\system32\dllcache\swusbflt.sys
2009-04-08 03:56 . 2001-08-18 02:36 10240 ------w c:\windows\system32\dllcache\swpidflt.dll
2009-04-08 03:56 . 2001-08-18 02:36 10240 ------w c:\windows\system32\dllcache\swpdflt2.dll
2009-04-08 03:54 . 2001-08-17 17:51 61824 ------w c:\windows\system32\dllcache\speed.sys
2009-04-08 03:53 . 2001-08-17 18:56 147200 ------w c:\windows\system32\dllcache\smidispb.dll
2009-04-08 03:52 . 2004-08-04 02:41 129535 ------w c:\windows\system32\dllcache\slnt7554.sys
2009-04-08 03:51 . 2001-08-17 16:50 101760 ------w c:\windows\system32\dllcache\sis300ip.sys
2009-04-08 03:50 . 2001-08-17 17:53 10880 ------w c:\windows\system32\dllcache\scsiscan.sys
2009-04-08 03:50 . 2001-08-18 02:36 57856 ------w c:\windows\system32\dllcache\EXCH_scripto.dll
2009-04-08 03:50 . 2001-08-17 17:52 11648 ------w c:\windows\system32\dllcache\scsiprnt.sys
2009-04-08 03:50 . 2001-08-17 17:51 17280 ------w c:\windows\system32\dllcache\scr111.sys
2009-04-08 03:50 . 2001-08-17 17:51 16640 ------w c:\windows\system32\dllcache\scmstcs.sys
2009-04-08 03:50 . 2001-08-17 17:51 23936 ------w c:\windows\system32\dllcache\sccmusbm.sys
2009-04-08 03:50 . 2001-08-17 17:51 23936 ------w c:\windows\system32\dllcache\sccmn50m.sys
2009-04-08 03:50 . 2004-08-04 02:59 43136 ------w c:\windows\system32\dllcache\sbp2port.sys
2009-04-08 03:50 . 2001-08-18 02:36 495616 ------w c:\windows\system32\dllcache\sblfx.dll
2009-04-08 03:50 . 2001-08-17 16:50 75392 ------w c:\windows\system32\dllcache\s3savmxm.sys
2009-04-08 03:50 . 2001-08-17 18:56 245632 ------w c:\windows\system32\dllcache\s3savmx.dll
2009-04-08 03:50 . 2001-08-17 16:50 77824 ------w c:\windows\system32\dllcache\s3sav4m.sys
2009-04-08 03:48 . 2004-08-04 12:00 79872 ------w c:\windows\system32\dllcache\rwia001.dll
2009-04-08 03:47 . 2001-08-17 17:28 714762 ------w c:\windows\system32\dllcache\r2mdmkxx.sys
2009-04-08 03:46 . 2004-08-04 12:00 83748 ------w c:\windows\system32\dllcache\prcp.nls
2009-04-08 03:45 . 2004-08-04 12:00 20992 ------w c:\windows\system32\dllcache\permchk.dll
2009-04-08 03:44 . 2001-08-18 02:36 39424 ------w c:\windows\system32\dllcache\ovcoms.exe
2009-04-08 03:44 . 2001-08-18 02:36 20480 ------w c:\windows\system32\dllcache\ovcomc.dll
2009-04-08 03:44 . 2001-08-17 18:05 351616 ------w c:\windows\system32\dllcache\ovcodek2.sys
2009-04-08 03:44 . 2001-08-18 02:36 116736 ------w c:\windows\system32\dllcache\ovcodec2.dll
2009-04-08 03:44 . 2001-08-17 18:05 31872 ------w c:\windows\system32\dllcache\ovce.sys
2009-04-08 03:44 . 2001-08-17 18:05 28032 ------w c:\windows\system32\dllcache\ovcd.sys
2009-04-08 03:44 . 2001-08-17 18:05 48000 ------w c:\windows\system32\dllcache\ovcam2.sys
2009-04-08 03:44 . 2001-08-17 18:05 25088 ------w c:\windows\system32\dllcache\ovca.sys
2009-04-08 03:44 . 2001-08-17 17:28 54186 ------w c:\windows\system32\dllcache\otcsercb.sys
2009-04-08 03:44 . 2001-08-17 16:12 43689 ------w c:\windows\system32\dllcache\otceth5.sys
2009-04-08 03:44 . 2001-08-17 16:12 27209 ------w c:\windows\system32\dllcache\otc06x5.sys
2009-04-08 03:42 . 2001-08-17 16:50 39264 ------w c:\windows\system32\dllcache\neo20xx.sys
2009-04-08 03:42 . 2001-08-18 02:36 60480 ------w c:\windows\system32\dllcache\neo20xx.dll
2009-04-08 03:42 . 2004-08-04 03:10 10880 ------w c:\windows\system32\dllcache\ndisip.sys
2009-04-08 03:42 . 2001-08-17 17:49 15872 ------w c:\windows\system32\dllcache\ne2000.sys
2009-04-08 03:42 . 2004-08-04 03:10 85376 ------w c:\windows\system32\dllcache\nabtsfec.sys
2009-04-08 03:42 . 2001-08-17 18:56 91488 ------w c:\windows\system32\dllcache\n9i3disp.dll
2009-04-08 03:42 . 2001-08-17 16:50 27936 ------w c:\windows\system32\dllcache\n9i3d.sys
2009-04-08 03:42 . 2001-08-17 16:50 33088 ------w c:\windows\system32\dllcache\n9i128v2.sys
2009-04-08 03:42 . 2001-08-18 02:36 59104 ------w c:\windows\system32\dllcache\n9i128v2.dll
2009-04-08 03:42 . 2001-08-17 16:50 13664 ------w c:\windows\system32\dllcache\n9i128.sys
2009-04-08 03:42 . 2001-08-17 18:56 35392 ------w c:\windows\system32\dllcache\n9i128.dll
2009-04-08 03:42 . 2001-08-17 16:11 128000 ------w c:\windows\system32\dllcache\n100325.sys
2009-04-08 03:42 . 2001-08-17 16:11 52255 ------w c:\windows\system32\dllcache\n1000nt5.sys
2009-04-08 03:40 . 2001-08-17 18:02 35200 ------w c:\windows\system32\dllcache\msgame.sys
2009-04-08 03:39 . 2001-08-17 16:19 48768 ------w c:\windows\system32\dllcache\maestro.sys
2009-04-08 03:38 . 2001-08-17 16:11 25065 ------w c:\windows\system32\dllcache\lmndis3.sys
2009-04-08 03:37 . 2001-08-17 18:55 5632 ------w c:\windows\system32\dllcache\kbd103.dll
2009-04-08 03:36 . 2001-08-18 02:36 372824 ------w c:\windows\system32\dllcache\iconf32.dll
2009-04-08 03:36 . 2001-08-17 18:06 100992 ------w c:\windows\system32\dllcache\icam5usb.sys
2009-04-08 03:36 . 2001-08-18 02:36 20480 ------w c:\windows\system32\dllcache\icam5ext.dll
2009-04-08 03:36 . 2001-08-18 02:36 45056 ------w c:\windows\system32\dllcache\icam5com.dll
2009-04-08 03:36 . 2001-08-17 18:06 154496 ------w c:\windows\system32\dllcache\icam4usb.sys
2009-04-08 03:36 . 2001-08-18 02:36 61952 ------w c:\windows\system32\dllcache\icam4ext.dll
2009-04-08 03:36 . 2001-08-18 02:36 91136 ------w c:\windows\system32\dllcache\icam4com.dll
2009-04-08 03:36 . 2001-08-18 02:36 26624 ------w c:\windows\system32\dllcache\icam3ext.dll
2009-04-08 03:36 . 2001-08-17 18:05 141056 ------w c:\windows\system32\dllcache\icam3.sys
2009-04-08 03:36 . 2001-08-17 18:06 38528 ------w c:\windows\system32\dllcache\ibmvcap.sys
2009-04-08 03:36 . 2001-08-17 16:12 109085 ------w c:\windows\system32\dllcache\ibmtrp.sys
2009-04-08 03:36 . 2001-08-17 16:12 100936 ------w c:\windows\system32\dllcache\ibmtok.sys
2009-04-08 03:36 . 2001-08-18 02:34 9216 ------w c:\windows\system32\dllcache\ibmsgnet.dll
2009-04-08 03:34 . 2001-08-17 17:28 115807 ------w c:\windows\system32\dllcache\hsf_fsks.sys
2009-04-08 03:33 . 2001-08-18 02:36 126976 ------w c:\windows\system32\dllcache\hpgt34tk.dll
2009-04-08 03:32 . 2001-08-17 16:49 322432 ------w c:\windows\system32\dllcache\g400m.sys
2009-04-08 03:31 . 2001-08-17 16:10 22090 ------w c:\windows\system32\dllcache\fem556n5.sys
2009-04-08 03:30 . 2001-08-17 16:19 72192 ------w c:\windows\system32\dllcache\es1969.sys
2009-04-08 03:29 . 2001-08-17 16:11 77386 ------w c:\windows\system32\dllcache\el656nd5.sys
2009-04-08 03:28 . 2001-08-18 02:36 6729 ------w c:\windows\system32\dllcache\disrvci.dll
2009-04-08 03:27 . 2001-08-18 02:36 27136 ------w c:\windows\system32\dllcache\cyzcoins.dll
2009-04-08 03:26 . 2001-08-17 16:13 49182 ------w c:\windows\system32\dllcache\cem56n5.sys
2009-04-08 03:25 . 2001-08-18 02:36 9728 ------w c:\windows\system32\dllcache\brcoinst.dll
2009-04-08 03:24 . 2004-08-04 02:29 56623 ------w c:\windows\system32\dllcache\ati1btxx.sys
2009-04-08 03:23 . 2004-05-13 04:39 598071 ------w c:\windows\system32\dllcache\fpmmc.dll
2009-04-07 23:56 . 2009-04-09 14:22 -------- d-----w c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 17:40 . 2008-07-24 12:50 33620 ----a-w C:\Log.txt
2009-04-26 15:57 . 2006-09-17 21:48 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-26 13:34 . 2006-05-24 01:42 5427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-04-20 15:33 . 2006-06-01 19:32 74544 ----a-w c:\documents and settings\Chris Barker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-20 13:59 . 2008-11-26 14:20 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-20 13:58 . 2006-06-05 00:58 -------- d-----w c:\program files\Java
2009-04-20 13:50 . 2006-05-24 01:30 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-20 13:50 . 2006-05-24 01:15 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-20 13:50 . 2006-05-24 01:30 -------- d-----w c:\program files\Multimedia Center for Think Offerings
2009-04-19 00:40 . 2008-05-26 00:04 -------- d-----w c:\documents and settings\Chris Barker\Application Data\Skype
2009-04-18 23:40 . 2008-05-09 16:45 -------- d-----w c:\documents and settings\Chris Barker\Application Data\skypePM
2009-04-16 18:18 . 2006-05-24 01:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 13:13 . 2007-03-18 22:02 -------- d-----w c:\documents and settings\Chris Barker\Application Data\uTorrent
2009-04-16 03:21 . 2008-07-02 13:44 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-15 13:51 . 2006-08-12 20:20 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-14 02:32 . 2007-08-15 01:55 -------- d-----w c:\program files\QuickTime
2009-04-14 02:32 . 2007-07-22 23:08 -------- d-----w c:\program files\Picasa2
2009-04-14 02:32 . 2007-01-22 13:38 -------- d-----w c:\program files\3dsmax7
2009-04-14 02:32 . 2006-08-12 20:20 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-14 02:32 . 2006-05-24 01:42 -------- d-----w c:\program files\Google
2009-04-10 14:01 . 2008-07-30 02:43 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-07 23:46 . 2006-05-24 01:18 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-07 18:12 . 2009-03-10 03:13 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 19:32 . 2009-03-10 03:13 38496 ------w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-03-10 03:13 15504 ------w c:\windows\system32\drivers\mbam.sys
2009-04-05 18:57 . 2008-02-15 14:33 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-27 00:52 . 2008-05-20 18:12 -------- d-----w c:\documents and settings\Chris Barker\Application Data\Move Networks
2009-03-22 16:51 . 2006-06-03 16:12 -------- d-----w c:\program files\Common Files\Adobe
2009-03-21 14:18 . 1980-01-01 07:00 986112 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-18 12:49 . 2008-06-18 14:35 -------- d-----w c:\documents and settings\Chris Barker\Application Data\FileZilla
2009-03-18 02:26 . 2008-10-14 20:38 -------- d-----w c:\program files\FreeUndelete
2009-03-18 02:00 . 2008-10-14 20:38 14839504 ------w C:\log_fs.log
2009-03-17 23:43 . 2008-02-03 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 23:43 . 2007-05-21 12:28 -------- d-----w c:\program files\Lavasoft
2009-03-17 02:24 . 2006-05-24 01:27 -------- d-----w c:\program files\ThinkVantage
2009-03-16 19:50 . 2009-03-16 19:50 -------- d-----w c:\program files\ArchVision
2009-03-16 14:00 . 2009-03-10 18:02 -------- d-----w c:\program files\Alwil Software
2009-03-16 04:14 . 2008-11-29 21:28 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-03-16 01:55 . 2006-06-04 06:55 -------- d-----w c:\documents and settings\Chris Barker\Application Data\Lenovo
2009-03-16 01:55 . 2006-05-24 01:29 -------- d-----w c:\documents and settings\All Users\Application Data\Lenovo
2009-03-16 01:51 . 2006-09-10 22:24 -------- d-----w c:\program files\TVT SMBus
2009-03-16 01:51 . 2006-07-10 02:48 -------- d-----w c:\program files\UI
2009-03-16 01:51 . 2006-09-10 22:24 -------- d-----w c:\program files\SMI2
2009-03-16 01:51 . 2006-07-10 02:48 -------- d-----w c:\program files\plugcfg
2009-03-16 01:51 . 2006-05-24 01:21 -------- d-----w c:\program files\NetWaiting
2009-03-16 01:50 . 2006-05-24 01:32 -------- d-----w c:\program files\IBM ThinkVantage
2009-03-16 01:50 . 2006-05-24 01:21 -------- d-----w c:\program files\Digital Line Detect
2009-03-16 01:50 . 2006-06-13 01:19 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-03-16 01:47 . 2006-07-20 01:39 -------- d-----w c:\program files\Audacity
2009-03-16 01:47 . 2006-07-10 02:47 -------- d-----w c:\program files\autoback
2009-03-16 01:47 . 2006-06-13 01:19 -------- d-----w c:\program files\backburner 2
2009-03-16 01:43 . 2006-06-08 00:42 -------- d-----w c:\documents and settings\LocalService\Application Data\60F0C861
2009-03-16 01:40 . 2006-05-24 01:18 -------- d-----w c:\program files\ThinkVantage Fingerprint Software
2009-03-16 01:40 . 2006-11-24 15:30 -------- d-----w c:\program files\Soulseek
2009-03-16 01:40 . 2007-12-16 19:41 -------- d-----w c:\program files\PowerISO
2009-03-16 01:40 . 2006-05-24 01:30 -------- d-----w c:\program files\PCDR5
2009-03-16 01:40 . 2008-07-02 14:21 -------- d-----w c:\program files\Microsoft Works
2009-03-16 01:39 . 2008-05-13 15:10 -------- d-----w c:\program files\Microsoft LifeChat
2009-03-16 01:39 . 2007-03-10 21:13 -------- d-----w c:\program files\Microsoft Calculator Plus
2009-03-16 01:38 . 2007-04-11 00:52 -------- d-----w c:\program files\iTunes
2009-03-16 01:38 . 2007-04-11 00:53 -------- d-----w c:\program files\iPod
2009-03-16 01:38 . 2008-06-06 02:54 -------- d-----w c:\program files\hugin-0.7_beta4_windows
2009-03-16 01:38 . 2007-07-06 12:29 -------- d-----w c:\program files\FastStone Image Viewer
2009-03-16 01:38 . 2007-09-03 15:22 -------- d-----w c:\program files\DWG TrueView 2008
2009-03-16 01:38 . 2007-03-12 00:43 -------- d-----w c:\program files\Eraser
2009-03-16 01:38 . 2007-10-27 15:37 -------- d-----w c:\program files\DVD Shrink
2009-03-16 01:38 . 2007-03-02 03:02 -------- d-----w c:\program files\DirectShow Dump
2009-03-16 01:38 . 2008-05-26 00:04 -------- d-----w c:\program files\Common Files\Skype
2009-03-16 01:38 . 2007-01-01 19:26 -------- d-----w c:\program files\Common Files\rumo
2009-03-16 01:37 . 2006-09-11 12:41 -------- d-----w c:\program files\Common Files\Macromedia
2009-03-16 01:37 . 2006-08-15 22:56 -------- d-----w c:\program files\Common Files\Lenovo
2009-03-16 01:37 . 2007-09-03 15:13 -------- d-----w c:\program files\Common Files\DWGgateway
2009-03-16 01:31 . 2006-09-17 21:49 -------- d-----w c:\documents and settings\Chris Barker\Application Data\Thunderbird
2009-03-16 01:31 . 2006-10-24 02:30 -------- d-----w c:\documents and settings\Chris Barker\Application Data\MainType
2009-03-16 01:31 . 2006-11-04 23:13 -------- d-----w c:\documents and settings\Chris Barker\Application Data\AdobeAUM
2009-03-16 01:31 . 2006-06-03 16:48 -------- d-----w c:\documents and settings\Chris Barker\Application Data\AdobeUM
2009-03-16 01:30 . 2007-08-18 22:22 -------- d--h--w c:\documents and settings\All Users\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}
2009-03-16 01:30 . 2006-06-04 06:00 -------- d-----w c:\documents and settings\All Users\Application Data\ThinkVantage
2009-03-16 01:30 . 2006-09-28 03:47 -------- d-----w c:\documents and settings\All Users\Application Data\PCDr
2009-03-16 01:30 . 2006-07-10 02:52 -------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-03-16 01:30 . 2007-10-27 15:37 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-16 01:30 . 2008-06-18 14:34 -------- d-----w c:\program files\FileZilla FTP Client
2009-03-16 01:29 . 2008-07-23 02:18 -------- d-----w c:\documents and settings\Chris Barker\Application Data\Printer Info Cache
2009-03-16 01:29 . 2008-07-23 02:18 -------- d-----w c:\documents and settings\Chris Barker\Application Data\Image Zone Express
2009-03-16 01:29 . 2008-11-15 01:14 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-16 01:29 . 2008-10-15 12:19 -------- d-----w c:\program files\ZAR
2009-03-16 01:29 . 2006-05-24 01:26 -------- d-----w c:\program files\Windows Media Connect
2009-03-16 01:29 . 2006-05-24 01:15 -------- d-----w c:\program files\Lenovo
2009-03-16 01:27 . 2007-06-03 17:16 -------- d-----w c:\program files\Opera
2009-03-16 01:26 . 2008-11-29 21:28 -------- d-----w c:\program files\Apple Software Update
2009-03-16 01:25 . 2006-06-16 06:54 -------- d-----w c:\program files\WinAce
2009-03-16 01:24 . 2009-01-12 14:42 -------- d-----w c:\program files\Common Files\Control Panels
2009-03-16 01:23 . 2009-01-11 23:35 -------- d-----w c:\program files\Bonjour
2009-03-16 01:18 . 2006-10-24 04:23 -------- d-----w c:\documents and settings\All Users\Application Data\MainType
2009-03-16 01:15 . 2007-12-16 20:14 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-14 17:13 . 2009-03-14 17:38 3840144 ----a-w C:\sma.txt
2009-03-14 15:56 . 2009-03-12 00:03 1788 ------w C:\aaw7boot.log
2009-03-11 12:15 . 2009-03-11 13:27 15688 ------w c:\windows\system32\lsdelete.exe
2009-03-11 12:15 . 2009-03-11 12:16 64160 ------w c:\windows\system32\drivers\Lbd.sys
2009-03-06 14:00 . 1980-01-01 07:00 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 237568]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-25 31232]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-03 1601304]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-20 148888]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-11-07 106496]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SysUpd"="0000" [X]
"WindowsUpd"="0000" [X]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\Chris Barker\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2005-11-1 581693]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-23 24576]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-7-29 135680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-04-13 06:05 49152 ------w c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 20:37 34344 ------w c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 20:02 34080 ------w c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-03 02:38 10520 ------w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 23:20 40448 ------w c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ymctmq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"BLOG"=rundll32 c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
"PWRMGRTR"=rundll32 c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" silent
"AwaySch"=c:\program files\Lenovo\AwayTask\AwaySch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Chris Barker\\My Documents\\Sundry\\Computers\\SOFTWARE\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58836:TCP"= 58836:TCP:*:Disabled:PandoRest Listening Port

R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2007-01-03 25773]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-11 64160]
S0 Shockprf;Shockprf; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-03 325128]
S1 ShockMgr;ShockMgr; [x]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2008-06-10 4442]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-03 298264]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-06-10 94208]
S2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 3456]
S3 swmx01;Sierra Wireless USB MUX Driver (01);c:\windows\system32\DRIVERS\swmx01.sys [2005-11-18 58624]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (01);c:\windows\system32\DRIVERS\SWNC5E01.sys [2005-08-05 73600]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cd0338a-28f7-11de-8e44-00a0d5fffd85}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6da6273e-7a2f-11db-88f1-00a0d5ffff85}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da396452-ef5f-11db-89f1-00130228f8ac}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7b4ddae-04a8-11dd-8c01-00a0d5ffff85}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-04-26 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-31 21:10]

2008-05-13 c:\windows\Tasks\LifeChatTask.job
- c:\program files\Microsoft LifeChat\LifeChat.exe [2007-01-26 18:31]

2009-04-26 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-07-13 05:40]
.
- - - - ORPHANS REMOVED - - - -

Notify-gebyx - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 13:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\wzszxvvrvmkvo.sys 34305 bytes executable
c:\docume~1\CHRISB~1\LOCALS~1\Temp\wzszxf242.tmp 343040 bytes executable
c:\docume~1\CHRISB~1\LOCALS~1\Temp\wzszxserv.sys000 0 bytes
c:\windows\TEMP\wzszxb798.tmp 13824 bytes executable
c:\windows\system32\wzszxakypbwuy.dll 17408 bytes executable
c:\windows\system32\wzszxbibtqpig.sys 13824 bytes executable
c:\windows\system32\wzszxcounter 4 bytes
c:\windows\system32\wzszxerrorslog.log 108 bytes

scan completed successfully
hidden files: 8

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wzszxserv.sys]
"imagepath"="\systemroot\system32\drivers\wzszxvvrvmkvo.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3389589917-1772789297-378458841-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28E32D63-5EBB-ACD6-E5F8-C477A4C384BC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iagodempjgbnkemoee"=hex:64,61,64,63,6d,6a,6b,65,00,70
"iacpcoljpkcedoccad"=hex:6a,61,63,63,6a,6f,6c,64,6b,6d,63,69,6e,6f,61,67,6f,6a,
6b,6d,00,fd
"haebinobgpeoghdo"=hex:6a,61,64,63,6e,6a,69,62,70,64,6a,68,6b,6d,69,6e,65,6a,
61,70,00,fd

[HKEY_USERS\S-1-5-21-3389589917-1772789297-378458841-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43A3970B-9028-6922-647E-A8148B1E0111}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialmfckgjiohajfbpc"=hex:64,61,65,6b,6a,70,68,65,00,60
"iahhfidkfpemiahfgh"=hex:6b,61,65,6b,6f,6f,65,68,62,61,6e,67,69,6a,70,6b,64,63,
6a,6a,70,62,00,00
"hajhpjkokhdjapjj"=hex:6a,61,65,6b,69,70,6b,61,6b,63,63,6d,6d,69,6f,63,62,61,
61,68,00,fd
"eaphfkomek"=hex:61,62,67,68,61,6a,69,67,6f,65,66,6d,6c,6c,6f,66,69,68,70,68,
64,69,6a,64,66,61,65,62,68,69,6a,68,64,6f,00,00
"cakmhg"=hex:6f,61,68,6b,6f,6f,6d,62,61,67,69,6f,6d,66,6b,6a,68,61,69,65,6b,67,
6f,68,64,67,6c,65,62,6e,00,00

[HKEY_USERS\S-1-5-21-3389589917-1772789297-378458841-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CF9B06E-0060-752D-9013-EBBD301C3328}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabamnemgbhlpmgcdk"=hex:64,61,67,65,69,65,62,69,00,70
"ianocjpedamalhakep"=hex:6a,61,62,67,6a,64,6f,6e,6f,66,64,70,70,65,63,6a,68,6d,
66,68,00,fd
"halbgnnaaidgaggi"=hex:6a,61,67,65,6e,63,6b,65,61,63,64,61,65,6b,6f,68,67,65,
66,67,00,fd

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\x*A* ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1680)
c:\windows\system32\vrlogon.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(1736)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

- - - - - - - > 'explorer.exe'(4260)
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-04-26 13:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-26 17:43
ComboFix2.txt 2009-04-04 19:50

Pre-Run: 54,723,231,744 bytes free
Post-Run: 54,648,053,760 bytes free

475 --- E O F --- 2009-04-16 03:23






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:43 PM, on 4/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [SysUpd] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WindowsUpd] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SysUpd] (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149470612359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232746723187
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.adoramapix.com/components/aurig...geUploader4.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ymctmq.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11122 bytes

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:37 PM

Posted 29 April 2009 - 11:24 AM

Hello,

You ran ComboFix twice? :thumbup2: I would like to have seen the original report to see what was removed.

To make sure... you are only running AVG with real time protection, yes? I see Avira installed, but it doesn't seem to be running, which is good.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#7 bark.chris

bark.chris
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Gender:Male
  • Location:new york
  • Local time:01:37 PM

Posted 29 April 2009 - 04:26 PM

Hi Teacup,

-I first ran Combofix weeks ago, before making this post on Bleeping Computer.

-I am only running AVG with real time protection. I installed and uninstalled Avira at the same time I ran the first Combofix scan. I am unsure why there is still a record of it on my system.

-My Java appears to be up-to-date. At least, that is how it appears in the Add or Remove Programs interface. I have "Java ™ Update 13" installed, and no earlier versions. Shall I reinstall Update 13 anyway?

-I already have Malwarebytes (version 1.36) installed. I updated the database, ran the Quick Scan and pasted the results below, together with a new HijackThis log.

Thanks,

bark.chris




Malwarebytes' Anti-Malware 1.36
Database version: 2060
Windows 5.1.2600 Service Pack 2

4/29/2009 5:16:36 PM
mbam-log-2009-04-29 (17-16-36).txt

Scan type: Quick Scan
Objects scanned: 94268
Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



----------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:04 PM, on 4/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Glary Utilities\Integrator.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [SysUpd] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WindowsUpd] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SysUpd] (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149470612359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232746723187
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.adoramapix.com/components/aurig...geUploader4.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ymctmq.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11228 bytes

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:37 PM

Posted 30 April 2009 - 12:57 PM

Hi there,

The Java was making sure, as the original DDS log says this:
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab


If you've updated to the latest and removed the old, then no reason you should do it again. :thumbup2:

I asked about Avira for the same reason. Perhaps an empty folder remained somewhere?

If you used the original ComboFix you had, then it likely didn't perform thoroughly. It's updated often and yesterday's version is usually out of date. If you did download a new one, then the entries in the log are only leftovers, and that explains why the other logs are looking clean.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKUS\S-1-5-18\..\Run: [SysUpd] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WindowsUpd] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SysUpd] (User 'Default user')
O20 - AppInit_DLLs: ymctmq.dll


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

How is it running please?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?
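
The four HijackThis entries teacup61 asks to fix share two traits that can be picked out of a log mechanically: the three O4 Run values carry no command at all (HijackThis prints the value name and the owning user, but nothing to launch), and the O20 line shows AppInit_DLLs populated with a single DLL, which Windows loads into every process that maps user32.dll, browsers included. The script below is an added example written for this page, not part of the thread or of HijackThis; its heuristics (empty Run command, Run image under a Temp directory, any non-empty AppInit_DLLs value) are assumptions, and the sample log is pasted from the HijackThis output above.

```python
"""Triage of HijackThis O4 (Run keys) and O20 (AppInit_DLLs) lines.

Added example; not part of this thread or of HijackThis. The heuristics are
assumptions: a Run value with no command, a Run image launched from a Temp
directory, and any non-empty AppInit_DLLs value are flagged for review.
"""
import re
from typing import List, Tuple

# "O4 - <hive>\..\Run: [<value name>] <command> (User '<name>')"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")  # HJT appends this for non-current hives
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
IMAGE_RE = re.compile(r'^"?(?P<image>.*?\.(?:exe|dll|com|scr|pif|bat|cmd))"?', re.IGNORECASE)

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [SysUpd] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WindowsUpd] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SysUpd] (User 'Default user')
O4 - Startup: CCC.lnk = ?
O20 - AppInit_DLLs: ymctmq.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""


def image_path(cmd: str) -> str:
    """Best-effort extraction of the executable from a Run command line."""
    m = IMAGE_RE.match(cmd)
    return m.group("image") if m else cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) for every O4/O20 entry that deserves a closer look."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = RUN_RE.match(line)
        if m:
            cmd = USER_SUFFIX_RE.sub("", m.group("cmd")).strip()
            if not cmd:
                hits.append((line, "Run value has no command: orphaned or hidden autostart"))
            elif "\\temp\\" in image_path(cmd).lower():
                hits.append((line, "Run image is launched from a Temp directory"))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group("dlls").strip():
            # Every DLL named here is loaded into each process that maps user32.dll,
            # which is how one small DLL can sit inside every browser on the machine.
            hits.append((line, "AppInit_DLLs is populated: " + m.group("dlls").strip()))
    return hits


def flagged_lines(log_text: str) -> List[str]:
    """Just the log lines, in HijackThis form, ready to be ticked for 'Fix checked'."""
    return [line for line, _ in triage(log_text)]


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the sample it reports exactly the four entries teacup61 lists and nothing else; the unresolved `CCC.lnk = ?` shortcut and the Winlogon Notify entries are deliberately left alone. A populated AppInit_DLLs is a lead rather than a verdict, since some legitimate software uses that key too, so check the DLL's location and signer before fixing it.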

#9 bark.chris (Topic Starter)

Posted 01 May 2009 - 08:41 AM

Hi Teacup,

-I had downloaded a new Combofix from the links you provided, so I hope that's good.

-The four entries were identified in the HiJack This scan, and I have deleted them.

After rebooting, and launching IE and Firefox:
-The first half dozen or so search results in IE remain bogus;
-The same search in Firefox comes back clean, and, I think, the browser is performing a bit faster.

bark.chris

#10 teacup61 (Malware Response Team)

Posted 01 May 2009 - 12:08 PM

Hello,

Download the HostsXpert Here
http://www.funkytoad.com/download/HostsXpert.zip

Unzip HostsXpert to your desktop

Open up the HostsXpert program.

* Make sure that the "make hosts writable?" button in the upper left corner is enabled.
* Click back up Host files
* then click "Restore MS Hosts File"
* close program

Click Start>Run> Type in (or copy and paste) ipconfig /flushdns and hit enter. The only thing you might see is a quick flash of a window.

Click on Start, Control Panel, select the Network and Internet Connections category or double click on Network Connections, depending on which View you are using. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item. Write down the settings in case you should need to change them back. Select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks. If it does not prompt you to reboot go ahead and reboot manually.

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Let me know how it is now. :thumbup2:

Thanks,
tea

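The HostsXpert steps above do three things by hand: back up the current hosts file, write the Microsoft default back, and flush the resolver cache so the old mappings stop being served. Before overwriting, it is worth reading what the file contained, because the two things malware puts there are diagnostic: popular sites such as search engines mapped to an attacker-chosen address (so the browser is handed a fake page), and security-vendor or update sites mapped to 127.0.0.1 or 0.0.0.0 so the AV cannot update or reach help. The script below is an added example for this page, not the thread's or HostsXpert's code; the vendor watchlist and the sample hosts file are constructed (192.0.2.x is the TEST-NET documentation range), and the restore text matches the Windows XP default hosts file in substance.

```python
"""Audit a Windows hosts file for redirects and blackholed security sites.

Added example; not part of this thread or of HostsXpert. The watchlist and the
sample file are constructed for the demo; DEFAULT_XP_HOSTS is the stock Windows
XP hosts file in substance.
"""
from typing import Iterator, List, Tuple

LOOPBACK = {"127.0.0.1", "::1"}
NULLROUTE = {"0.0.0.0"}
# Assumed watchlist: sites malware commonly blackholes to stop updates and help.
SECURITY_DOMAINS = (
    "avg.com", "avira.com", "malwarebytes.org", "safer-networking.org",
    "microsoft.com", "windowsupdate.com", "symantec.com", "kaspersky.com",
    "bleepingcomputer.com",
)

# Constructed sample; 192.0.2.x is the TEST-NET-1 documentation range, not a real host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.0.2.10      www.google.com
192.0.2.10      search.yahoo.com   # search engines sent to an attacker-chosen address
127.0.0.1       www.avg.com
127.0.0.1       free.avg.com       # vendor blackholed so the AV cannot update
0.0.0.0         ad.doubleclick.net # ad blocking of this shape is usually intentional
"""

DEFAULT_XP_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "#\n"
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "#\n"
    "127.0.0.1       localhost\n"
)


def parse_hosts(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (ip, hostname) pairs; comments, blank and malformed lines are dropped."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:  # one line may carry several names
            yield parts[0], name.lower()


def is_security_site(name: str) -> bool:
    return any(name == d or name.endswith("." + d) for d in SECURITY_DOMAINS)


def audit_hosts(text: str) -> List[Tuple[str, str, str]]:
    """Classify every non-default entry as redirect, blackholed-security or blackhole."""
    findings = []
    for ip, name in parse_hosts(text):
        if name == "localhost" and ip in LOOPBACK:
            continue  # the one entry a stock XP hosts file contains
        if ip in LOOPBACK or ip in NULLROUTE:
            kind = "blackholed-security" if is_security_site(name) else "blackhole"
        else:
            kind = "redirect"  # the name resolves somewhere other than the real server
        findings.append((name, ip, kind))
    return findings


def restore_content() -> str:
    """The text HostsXpert's 'Restore MS Hosts File' writes back, in substance."""
    return DEFAULT_XP_HOSTS


if __name__ == "__main__":
    for name, ip, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"{kind:20} {ip:15} {name}")
```

A clean audit is itself useful information: a hosts hijack affects every browser on the machine equally, whereas bark.chris reports Firefox clean and IE still polluted, which points at something loaded per process rather than at name resolution.
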
#11 bark.chris (Topic Starter)

Posted 02 May 2009 - 08:47 AM

Hi Teacup,

I followed each of the steps you outlined, but nothing has changed.
If it would help, I'm not averse to updating my IE to version 8. But I suppose this wouldn't necessarily remove malware hiding elsewhere...

Bark.chris

#12 teacup61 (Malware Response Team)

Posted 02 May 2009 - 10:46 AM

Hello,

Do you have a router?

#13 bark.chris (Topic Starter)

Posted 02 May 2009 - 11:15 AM

Yes, a cable broadband router and a wireless access point.

bark.chris

#14 teacup61 (Malware Response Team)

Posted 02 May 2009 - 12:08 PM

Thanks. :thumbup2:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

KILLALL::
File::
c:\windows\Cmehun.bin
c:\windows\Hliguvozer.dat
c:\windows\system32\drivers\wzszxvvrvmkvo.sys
c:\docume~1\CHRISB~1\LOCALS~1\Temp\wzszxf242.tmp
c:\docume~1\CHRISB~1\LOCALS~1\Temp\wzszxserv.sys000
c:\windows\TEMP\wzszxb798.tmp
c:\windows\system32\wzszxakypbwuy.dll
c:\windows\system32\wzszxbibtqpig.sys
c:\windows\system32\wzszxcounter
c:\windows\system32\wzszxerrorslog.log

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wzszxserv.sys]

Driver::
wzszxvvrvmkvo


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

Thanks,
tea

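The CFScript above is a small declarative format: `KILLALL::` asks ComboFix to kill running user processes before acting, `File::` lists paths to delete, `Registry::` takes .reg-style lines where `[-Key]` deletes a key and `"name"=-` deletes a value under the most recent `[Key]`, and `Driver::` names a driver service to remove. The payoff comes when the ComboFix log arrives: its "Other Deletions" section lists what was actually removed, and any `File::` path missing from it needs a follow-up (it may have been absent at run time, or it may have survived). The parser and reconciliation below are an added example written for this page, not ComboFix's code; the script text is the one posted above and the log excerpt is copied from the ComboFix output bark.chris posts in the next reply.

```python
"""Parse a ComboFix CFScript and reconcile it against the resulting log.

Added example for this page, not ComboFix's code. Section names and the
.reg-style registry lines follow the script posted in this thread.
"""
import re
from typing import Dict, List, Tuple

SECTION_RE = re.compile(r"^(\w+)::$")
REG_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")          # [Key] or [-Key]
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')      # "name"=- or "name"=data
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # ((((( Section Name )))))

CFSCRIPT = r"""
KILLALL::
File::
c:\windows\Cmehun.bin
c:\windows\Hliguvozer.dat
c:\windows\system32\drivers\wzszxvvrvmkvo.sys
c:\docume~1\CHRISB~1\LOCALS~1\Temp\wzszxf242.tmp
c:\docume~1\CHRISB~1\LOCALS~1\Temp\wzszxserv.sys000
c:\windows\TEMP\wzszxb798.tmp
c:\windows\system32\wzszxakypbwuy.dll
c:\windows\system32\wzszxbibtqpig.sys
c:\windows\system32\wzszxcounter
c:\windows\system32\wzszxerrorslog.log
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wzszxserv.sys]
Driver::
wzszxvvrvmkvo
"""

# Excerpt of the ComboFix log posted in this thread; only these two sections are used.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\CHRISB~1\LOCALS~1\Temp\wzszxf242.tmp
c:\docume~1\CHRISB~1\LOCALS~1\Temp\wzszxserv.sys000
c:\windows\Hliguvozer.dat
c:\windows\system32\drivers\wzszxvvrvmkvo.sys
c:\windows\system32\wzszxakypbwuy.dll
c:\windows\system32\wzszxbibtqpig.sys
c:\windows\system32\wzszxcounter
c:\windows\system32\wzszxerrorslog.log
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_wzszxserv.sys
"""


def parse_cfscript(text: str) -> Dict[str, list]:
    """Turn the script into lists of actions; unknown sections are ignored."""
    script = {"flags": [], "files": [], "registry": [], "drivers": []}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            if section.upper() == "KILLALL":
                script["flags"].append("KILLALL")
            continue
        if section == "File":
            script["files"].append(line)
        elif section == "Driver":
            script["drivers"].append(line)
        elif section == "Registry":
            mk, mv = REG_KEY_RE.match(line), REG_VALUE_RE.match(line)
            if mk and mk.group(1) == "-":
                script["registry"].append(("delete_key", mk.group(2), None))
            elif mk:
                key = mk.group(2)  # later "name"= lines apply to this key
            elif mv and key:
                action = "delete_value" if mv.group(2) == "-" else "set_value"
                script["registry"].append((action, key, mv.group(1)))
    return script


def log_sections(log_text: str) -> Dict[str, List[str]]:
    """Split a ComboFix log on its banner lines; '.' spacer lines are dropped."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def reconcile(script: Dict[str, list], log_text: str) -> Tuple[List[str], List[str]]:
    """(File:: paths the log does not report deleting, services the log says it removed)."""
    sections = log_sections(log_text)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    unconfirmed = [p for p in script["files"] if p.lower() not in deleted]
    services = [l.split("Service_", 1)[1] for l in sections.get("Drivers/Services", []) if "Service_" in l]
    return unconfirmed, services
```

Run against the thread's own data it reports two `File::` paths not confirmed deleted, c:\windows\Cmehun.bin and c:\windows\TEMP\wzszxb798.tmp, and one service removed, wzszxserv.sys; that is the short list to check by hand when reviewing the next reply.
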
#15 bark.chris (Topic Starter)

Posted 03 May 2009 - 12:01 PM

Hi Teacup,

Please find the new Combofix and Hijack This logs below:

ComboFix 09-05-02.4 - Chris Barker 05/03/2009 12:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1396 [GMT -4:00]
Running from: c:\documents and settings\Chris Barker\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris Barker\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

FILE ::
c:\docume~1\CHRISB~1\LOCALS~1\Temp\wzszxf242.tmp
c:\docume~1\CHRISB~1\LOCALS~1\Temp\wzszxserv.sys000
c:\windows\Cmehun.bin
c:\windows\Hliguvozer.dat
c:\windows\system32\drivers\wzszxvvrvmkvo.sys
c:\windows\system32\wzszxakypbwuy.dll
c:\windows\system32\wzszxbibtqpig.sys
c:\windows\system32\wzszxcounter
c:\windows\system32\wzszxerrorslog.log
c:\windows\TEMP\wzszxb798.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\CHRISB~1\LOCALS~1\Temp\wzszxf242.tmp
c:\docume~1\CHRISB~1\LOCALS~1\Temp\wzszxserv.sys000
c:\windows\Hliguvozer.dat
c:\windows\system32\drivers\wzszxvvrvmkvo.sys
c:\windows\system32\wzszxakypbwuy.dll
c:\windows\system32\wzszxbibtqpig.sys
c:\windows\system32\wzszxcounter
c:\windows\system32\wzszxerrorslog.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_wzszxserv.sys


((((((((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 )))))))))))))))))))))))))))))))
.

2009-04-30 03:47 . 2009-04-30 03:47 -------- d-----w c:\windows\system32\XPSViewer
2009-04-30 03:47 . 2009-04-30 03:47 -------- d-----w c:\program files\MSBuild
2009-04-30 03:47 . 2009-04-30 03:47 -------- d-----w c:\program files\Reference Assemblies
2009-04-30 03:47 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-30 03:47 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-30 03:47 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-30 03:47 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-30 03:47 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-30 03:47 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-30 03:47 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-30 03:47 . 2009-04-30 03:47 -------- d-----w C:\307cdcb0c301328248
2009-04-20 13:54 . 2009-04-20 13:54 -------- d-----w c:\documents and settings\Chris Barker\Application Data\MSNInstaller
2009-04-11 14:06 . 2009-04-11 14:06 -------- d-----w c:\documents and settings\Chris Barker\Local Settings\Application Data\{160B857E-5F13-40E7-8A75-E91CABEBB3B6}
2009-04-08 04:04 . 2004-08-04 12:00 13894 ------w c:\windows\system32\dllcache\zonelibm.dll
2009-04-08 04:04 . 2004-08-04 12:00 113222 ------w c:\windows\system32\dllcache\zoneclim.dll
2009-04-08 04:04 . 2004-08-04 12:00 29760 ------w c:\windows\system32\dllcache\znetm.dll
2009-04-08 04:04 . 2004-08-04 12:00 4677 ------w c:\windows\system32\dllcache\zeeverm.dll
2009-04-08 04:04 . 2004-08-04 12:00 41029 ------w c:\windows\system32\dllcache\zcorem.dll
2009-04-08 04:04 . 2004-08-04 12:00 36937 ------w c:\windows\system32\dllcache\zclientm.exe
2009-04-08 04:04 . 2004-08-04 04:56 116224 ------w c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-08 04:04 . 2001-08-18 02:36 23040 ------w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-04-08 04:04 . 2001-08-18 02:36 17408 ------w c:\windows\system32\dllcache\xrxscnui.dll
2009-04-08 04:04 . 2001-08-18 02:37 27648 ------w c:\windows\system32\dllcache\xrxftplt.exe
2009-04-08 04:02 . 2001-08-18 02:36 53760 ------w c:\windows\system32\dllcache\wiamsmud.dll
2009-04-08 04:01 . 2001-08-17 16:13 19528 ------w c:\windows\system32\dllcache\w840nd.sys
2009-04-08 04:00 . 2001-08-17 17:28 113762 ------w c:\windows\system32\dllcache\usrpda.sys
2009-04-08 03:59 . 2001-08-18 02:36 26624 ------w c:\windows\system32\dllcache\umaxu22.dll
2009-04-08 03:59 . 2001-08-18 02:36 69632 ------w c:\windows\system32\dllcache\umaxu12.dll
2009-04-08 03:59 . 2001-08-18 02:36 50688 ------w c:\windows\system32\dllcache\umaxscan.dll
2009-04-08 03:59 . 2001-08-17 17:58 22912 ------w c:\windows\system32\dllcache\umaxpcls.sys
2009-04-08 03:59 . 2001-08-18 02:36 50176 ------w c:\windows\system32\dllcache\umaxp60.dll
2009-04-08 03:59 . 2001-08-18 02:36 47616 ------w c:\windows\system32\dllcache\umaxcam.dll
2009-04-08 03:59 . 2001-08-18 02:36 211968 ------w c:\windows\system32\dllcache\um54scan.dll
2009-04-08 03:59 . 2001-08-18 02:36 216064 ------w c:\windows\system32\dllcache\um34scan.dll
2009-04-08 03:59 . 2004-08-04 12:00 103424 ------w c:\windows\system32\dllcache\uihelper.dll
2009-04-08 03:59 . 2004-08-04 03:07 44672 ------w c:\windows\system32\dllcache\uagp35.sys
2009-04-08 03:58 . 2001-08-17 17:48 11520 ------w c:\windows\system32\dllcache\twotrack.sys
2009-04-08 03:58 . 2004-08-04 12:00 14336 ------w c:\windows\system32\dllcache\tsprof.exe
2009-04-08 03:58 . 2001-08-17 16:51 166784 ------w c:\windows\system32\dllcache\tridxpm.sys
2009-04-08 03:58 . 2001-08-18 02:36 525568 ------w c:\windows\system32\dllcache\tridxp.dll
2009-04-08 03:58 . 2001-08-17 16:51 159232 ------w c:\windows\system32\dllcache\tridkbm.sys
2009-04-08 03:58 . 2001-08-17 18:56 440576 ------w c:\windows\system32\dllcache\tridkb.dll
2009-04-08 03:58 . 2001-08-17 16:51 222336 ------w c:\windows\system32\dllcache\trid3dm.sys
2009-04-08 03:58 . 2001-08-17 18:56 315520 ------w c:\windows\system32\dllcache\trid3d.dll
2009-04-08 03:58 . 2001-08-17 16:12 34375 ------w c:\windows\system32\dllcache\tpro4.sys
2009-04-08 03:58 . 2001-08-18 02:35 42496 ------w c:\windows\system32\dllcache\tp4res.dll
2009-04-08 03:58 . 2004-08-04 04:56 82432 ------w c:\windows\system32\dllcache\tp4mon.exe
2009-04-08 03:56 . 2001-08-17 16:13 37961 ------w c:\windows\system32\dllcache\tdk100b.sys
2009-04-08 03:56 . 2004-08-04 12:00 21896 ------w c:\windows\system32\dllcache\tdipx.sys
2009-04-08 03:56 . 2004-08-04 12:00 13192 ------w c:\windows\system32\dllcache\tdasync.sys
2009-04-08 03:56 . 2001-08-17 17:49 30464 ------w c:\windows\system32\dllcache\tbatm155.sys
2009-04-08 03:56 . 2001-08-17 17:52 7040 ------w c:\windows\system32\dllcache\tandqic.sys
2009-04-08 03:56 . 2001-08-17 16:50 36640 ------w c:\windows\system32\dllcache\t2r4mini.sys
2009-04-08 03:56 . 2001-08-17 18:56 172768 ------w c:\windows\system32\dllcache\t2r4disp.dll
2009-04-08 03:56 . 2001-08-18 02:36 94293 ------w c:\windows\system32\dllcache\sxports.dll
2009-04-08 03:56 . 2001-08-17 17:50 103936 ------w c:\windows\system32\dllcache\sx.sys
2009-04-08 03:56 . 2001-08-17 18:02 3968 ------w c:\windows\system32\dllcache\swusbflt.sys
2009-04-08 03:56 . 2001-08-18 02:36 10240 ------w c:\windows\system32\dllcache\swpidflt.dll
2009-04-08 03:56 . 2001-08-18 02:36 10240 ------w c:\windows\system32\dllcache\swpdflt2.dll
2009-04-08 03:54 . 2001-08-17 17:51 61824 ------w c:\windows\system32\dllcache\speed.sys
2009-04-08 03:53 . 2001-08-17 18:56 147200 ------w c:\windows\system32\dllcache\smidispb.dll
2009-04-08 03:52 . 2004-08-04 02:41 129535 ------w c:\windows\system32\dllcache\slnt7554.sys
2009-04-08 03:51 . 2001-08-17 16:50 101760 ------w c:\windows\system32\dllcache\sis300ip.sys
2009-04-08 03:50 . 2001-08-17 17:53 10880 ------w c:\windows\system32\dllcache\scsiscan.sys
2009-04-08 03:50 . 2001-08-17 17:52 11648 ------w c:\windows\system32\dllcache\scsiprnt.sys
2009-04-08 03:50 . 2001-08-18 02:36 57856 ------w c:\windows\system32\dllcache\EXCH_scripto.dll
2009-04-08 03:50 . 2001-08-17 17:51 17280 ------w c:\windows\system32\dllcache\scr111.sys
2009-04-08 03:50 . 2001-08-17 17:51 16640 ------w c:\windows\system32\dllcache\scmstcs.sys
2009-04-08 03:50 . 2001-08-17 17:51 23936 ------w c:\windows\system32\dllcache\sccmusbm.sys
2009-04-08 03:50 . 2001-08-17 17:51 23936 ------w c:\windows\system32\dllcache\sccmn50m.sys
2009-04-08 03:50 . 2004-08-04 02:59 43136 ------w c:\windows\system32\dllcache\sbp2port.sys
2009-04-08 03:50 . 2001-08-18 02:36 495616 ------w c:\windows\system32\dllcache\sblfx.dll
2009-04-08 03:50 . 2001-08-17 16:50 75392 ------w c:\windows\system32\dllcache\s3savmxm.sys
2009-04-08 03:50 . 2001-08-17 18:56 245632 ------w c:\windows\system32\dllcache\s3savmx.dll
2009-04-08 03:50 . 2001-08-17 16:50 77824 ------w c:\windows\system32\dllcache\s3sav4m.sys
2009-04-08 03:48 . 2004-08-04 12:00 79872 ------w c:\windows\system32\dllcache\rwia001.dll
2009-04-08 03:47 . 2001-08-17 17:28 714762 ------w c:\windows\system32\dllcache\r2mdmkxx.sys
2009-04-08 03:46 . 2004-08-04 03:00 17664 ------w c:\windows\system32\dllcache\ppa3.sys
2009-04-08 03:45 . 2004-08-04 12:00 20992 ------w c:\windows\system32\dllcache\permchk.dll
2009-04-08 03:44 . 2001-08-18 02:36 39424 ------w c:\windows\system32\dllcache\ovcoms.exe
2009-04-08 03:44 . 2001-08-18 02:36 20480 ------w c:\windows\system32\dllcache\ovcomc.dll
2009-04-08 03:44 . 2001-08-17 18:05 351616 ------w c:\windows\system32\dllcache\ovcodek2.sys
2009-04-08 03:44 . 2001-08-18 02:36 116736 ------w c:\windows\system32\dllcache\ovcodec2.dll
2009-04-08 03:44 . 2001-08-17 18:05 31872 ------w c:\windows\system32\dllcache\ovce.sys
2009-04-08 03:44 . 2001-08-17 18:05 28032 ------w c:\windows\system32\dllcache\ovcd.sys
2009-04-08 03:44 . 2001-08-17 18:05 48000 ------w c:\windows\system32\dllcache\ovcam2.sys
2009-04-08 03:44 . 2001-08-17 18:05 25088 ------w c:\windows\system32\dllcache\ovca.sys
2009-04-08 03:44 . 2001-08-17 17:28 54186 ------w c:\windows\system32\dllcache\otcsercb.sys
2009-04-08 03:44 . 2001-08-17 16:12 43689 ------w c:\windows\system32\dllcache\otceth5.sys
2009-04-08 03:44 . 2001-08-17 16:12 27209 ------w c:\windows\system32\dllcache\otc06x5.sys
2009-04-08 03:42 . 2001-08-17 16:50 39264 ------w c:\windows\system32\dllcache\neo20xx.sys
2009-04-08 03:42 . 2001-08-18 02:36 60480 ------w c:\windows\system32\dllcache\neo20xx.dll
2009-04-08 03:42 . 2001-08-17 17:49 15872 ------w c:\windows\system32\dllcache\ne2000.sys
2009-04-08 03:42 . 2004-08-04 03:10 10880 ------w c:\windows\system32\dllcache\ndisip.sys
2009-04-08 03:42 . 2004-08-04 03:10 85376 ------w c:\windows\system32\dllcache\nabtsfec.sys
2009-04-08 03:42 . 2001-08-17 18:56 91488 ------w c:\windows\system32\dllcache\n9i3disp.dll
2009-04-08 03:42 . 2001-08-17 16:50 27936 ------w c:\windows\system32\dllcache\n9i3d.sys
2009-04-08 03:42 . 2001-08-17 16:50 33088 ------w c:\windows\system32\dllcache\n9i128v2.sys
2009-04-08 03:42 . 2001-08-18 02:36 59104 ------w c:\windows\system32\dllcache\n9i128v2.dll
2009-04-08 03:42 . 2001-08-17 16:50 13664 ------w c:\windows\system32\dllcache\n9i128.sys
2009-04-08 03:42 . 2001-08-17 18:56 35392 ------w c:\windows\system32\dllcache\n9i128.dll
2009-04-08 03:42 . 2001-08-17 16:11 128000 ------w c:\windows\system32\dllcache\n100325.sys
2009-04-08 03:42 . 2001-08-17 16:11 52255 ------w c:\windows\system32\dllcache\n1000nt5.sys
2009-04-08 03:40 . 2001-08-17 18:02 35200 ------w c:\windows\system32\dllcache\msgame.sys
2009-04-08 03:39 . 2001-08-17 16:19 48768 ------w c:\windows\system32\dllcache\maestro.sys
2009-04-08 03:38 . 2001-08-17 16:11 25065 ------w c:\windows\system32\dllcache\lmndis3.sys
2009-04-08 03:37 . 2001-08-17 18:55 5632 ------w c:\windows\system32\dllcache\kbd103.dll
2009-04-08 03:36 . 2001-08-18 02:36 372824 ------w c:\windows\system32\dllcache\iconf32.dll
2009-04-08 03:36 . 2001-08-17 18:06 100992 ------w c:\windows\system32\dllcache\icam5usb.sys
2009-04-08 03:36 . 2001-08-18 02:36 20480 ------w c:\windows\system32\dllcache\icam5ext.dll
2009-04-08 03:36 . 2001-08-18 02:36 45056 ------w c:\windows\system32\dllcache\icam5com.dll
2009-04-08 03:36 . 2001-08-17 18:06 154496 ------w c:\windows\system32\dllcache\icam4usb.sys
2009-04-08 03:36 . 2001-08-18 02:36 61952 ------w c:\windows\system32\dllcache\icam4ext.dll
2009-04-08 03:36 . 2001-08-18 02:36 91136 ------w c:\windows\system32\dllcache\icam4com.dll
2009-04-08 03:36 . 2001-08-18 02:36 26624 ------w c:\windows\system32\dllcache\icam3ext.dll
2009-04-08 03:36 . 2001-08-17 18:05 141056 ------w c:\windows\system32\dllcache\icam3.sys
2009-04-08 03:36 . 2001-08-17 18:06 38528 ------w c:\windows\system32\dllcache\ibmvcap.sys
2009-04-08 03:36 . 2001-08-17 16:12 109085 ------w c:\windows\system32\dllcache\ibmtrp.sys
2009-04-08 03:36 . 2001-08-17 16:12 100936 ------w c:\windows\system32\dllcache\ibmtok.sys
2009-04-08 03:36 . 2001-08-18 02:34 9216 ------w c:\windows\system32\dllcache\ibmsgnet.dll
2009-04-08 03:34 . 2001-08-17 17:28 115807 ------w c:\windows\system32\dllcache\hsf_fsks.sys
2009-04-08 03:33 . 2001-08-18 02:36 126976 ------w c:\windows\system32\dllcache\hpgt34tk.dll
2009-04-08 03:32 . 2001-08-17 16:49 322432 ------w c:\windows\system32\dllcache\g400m.sys
2009-04-08 03:31 . 2001-08-17 16:10 22090 ------w c:\windows\system32\dllcache\fem556n5.sys
2009-04-08 03:30 . 2001-08-17 16:19 72192 ------w c:\windows\system32\dllcache\es1969.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 16:49 . 2009-03-31 16:07 326 ----a-w c:\windows\Tasks\GlaryInitialize.job
2009-05-03 16:45 . 2004-08-09 18:02 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-03 16:40 . 2008-07-13 22:54 314 ----a-w c:\windows\Tasks\PMTask.job
2009-05-03 16:21 . 2006-05-24 01:42 5427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-04-30 12:53 . 2006-06-01 19:32 74544 ----a-w c:\documents and settings\Chris Barker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 21:34 . 2007-01-22 13:38 -------- d-----w c:\program files\3dsmax7
2009-04-26 15:57 . 2006-09-17 21:48 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-20 13:59 . 2008-11-26 14:20 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-20 13:58 . 2006-06-05 00:58 -------- d-----w c:\program files\Java
2009-04-20 13:50 . 2006-05-24 01:30 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-20 13:50 . 2006-05-24 01:15 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-20 13:50 . 2006-05-24 01:30 -------- d-----w c:\program files\Multimedia Center for Think Offerings
2009-04-16 18:18 . 2006-05-24 01:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-15 13:51 . 2006-08-12 20:20 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-15 12:16 . 2009-03-11 12:16 472 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-14 02:32 . 2007-08-15 01:55 -------- d-----w c:\program files\QuickTime
2009-04-14 02:32 . 2007-07-22 23:08 -------- d-----w c:\program files\Picasa2
2009-04-14 02:32 . 2006-05-24 01:42 -------- d-----w c:\program files\Google
2009-04-07 23:46 . 2006-05-24 01:18 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-07 18:12 . 2009-03-10 03:13 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 19:32 . 2009-03-10 03:13 38496 ------w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-03-10 03:13 15504 ------w c:\windows\system32\drivers\mbam.sys
2009-04-05 03:11 . 2008-11-29 21:28 296 ------w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-02 03:54 . 2009-04-02 03:54 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-31 16:07 . 2009-03-31 16:07 -------- d-----w c:\program files\Glary Utilities
2009-03-29 15:35 . 2009-03-28 22:40 -------- d-----w c:\program files\MediaMonkey
2009-03-29 02:11 . 2009-03-29 02:11 -------- d-----w c:\program files\Hewlett-Packard
2009-03-22 16:51 . 2006-06-03 16:12 -------- d-----w c:\program files\Common Files\Adobe
2009-03-18 02:26 . 2008-10-14 20:38 -------- d-----w c:\program files\FreeUndelete
2009-03-17 23:43 . 2007-05-21 12:28 -------- d-----w c:\program files\Lavasoft
2009-03-17 02:24 . 2006-05-24 01:27 -------- d-----w c:\program files\ThinkVantage
2009-03-16 19:50 . 2009-03-16 19:50 -------- d-----w c:\program files\ArchVision
2009-03-16 14:00 . 2009-03-10 18:02 -------- d-----w c:\program files\Alwil Software
2009-03-16 01:51 . 2006-09-10 22:24 -------- d-----w c:\program files\TVT SMBus
2009-03-16 01:51 . 2006-07-10 02:48 -------- d-----w c:\program files\UI
2009-03-16 01:51 . 2006-09-10 22:24 -------- d-----w c:\program files\SMI2
2009-03-16 01:51 . 2006-07-10 02:48 -------- d-----w c:\program files\plugcfg
2009-03-16 01:51 . 2006-05-24 01:21 -------- d-----w c:\program files\NetWaiting
2009-03-16 01:50 . 2006-05-24 01:32 -------- d-----w c:\program files\IBM ThinkVantage
2009-03-16 01:50 . 2006-05-24 01:21 -------- d-----w c:\program files\Digital Line Detect
2009-03-16 01:50 . 2006-06-13 01:19 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-03-16 01:47 . 2006-07-20 01:39 -------- d-----w c:\program files\Audacity
2009-03-16 01:47 . 2006-07-10 02:47 -------- d-----w c:\program files\autoback
2009-03-16 01:47 . 2006-06-13 01:19 -------- d-----w c:\program files\backburner 2
2009-03-16 01:40 . 2006-05-24 01:18 -------- d-----w c:\program files\ThinkVantage Fingerprint Software
2009-03-16 01:40 . 2006-11-24 15:30 -------- d-----w c:\program files\Soulseek
2009-03-16 01:40 . 2007-12-16 19:41 -------- d-----w c:\program files\PowerISO
2009-03-16 01:40 . 2006-05-24 01:30 -------- d-----w c:\program files\PCDR5
2009-03-16 01:40 . 2008-07-02 14:21 -------- d-----w c:\program files\Microsoft Works
2009-03-16 01:39 . 2008-05-13 15:10 -------- d-----w c:\program files\Microsoft LifeChat
2009-03-16 01:39 . 2007-03-10 21:13 -------- d-----w c:\program files\Microsoft Calculator Plus
2009-03-16 01:38 . 2007-04-11 00:52 -------- d-----w c:\program files\iTunes
2009-03-16 01:38 . 2007-04-11 00:53 -------- d-----w c:\program files\iPod
2009-03-16 01:38 . 2008-06-06 02:54 -------- d-----w c:\program files\hugin-0.7_beta4_windows
2009-03-16 01:38 . 2007-07-06 12:29 -------- d-----w c:\program files\FastStone Image Viewer
2009-03-16 01:38 . 2007-09-03 15:22 -------- d-----w c:\program files\DWG TrueView 2008
2009-03-16 01:38 . 2007-03-12 00:43 -------- d-----w c:\program files\Eraser
2009-03-16 01:38 . 2007-10-27 15:37 -------- d-----w c:\program files\DVD Shrink
2009-03-16 01:38 . 2007-03-02 03:02 -------- d-----w c:\program files\DirectShow Dump
2009-03-16 01:38 . 2008-05-26 00:04 -------- d-----w c:\program files\Common Files\Skype
2009-03-16 01:38 . 2007-01-01 19:26 -------- d-----w c:\program files\Common Files\rumo
2009-03-16 01:37 . 2006-09-11 12:41 -------- d-----w c:\program files\Common Files\Macromedia
2009-03-16 01:37 . 2006-08-15 22:56 -------- d-----w c:\program files\Common Files\Lenovo
2009-03-16 01:37 . 2007-09-03 15:13 -------- d-----w c:\program files\Common Files\DWGgateway
2009-03-16 01:30 . 2008-06-18 14:34 -------- d-----w c:\program files\FileZilla FTP Client
2009-03-16 01:29 . 2008-11-15 01:14 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-16 01:29 . 2008-10-15 12:19 -------- d-----w c:\program files\ZAR
2009-03-16 01:29 . 2006-05-24 01:26 -------- d-----w c:\program files\Windows Media Connect
2009-03-16 01:29 . 2006-05-24 01:15 -------- d-----w c:\program files\Lenovo
2009-03-16 01:27 . 2007-06-03 17:16 -------- d-----w c:\program files\Opera
2009-03-16 01:26 . 2008-11-29 21:28 -------- d-----w c:\program files\Apple Software Update
2009-03-16 01:25 . 2006-06-16 06:54 -------- d-----w c:\program files\WinAce
2009-03-16 01:24 . 2009-01-12 14:42 -------- d-----w c:\program files\Common Files\Control Panels
2009-03-16 01:23 . 2009-01-11 23:35 -------- d-----w c:\program files\Bonjour
2009-03-11 12:15 . 2009-03-11 13:27 15688 ------w c:\windows\system32\lsdelete.exe
2009-03-11 12:15 . 2009-03-11 12:16 64160 ------w c:\windows\system32\drivers\Lbd.sys
2009-03-06 14:00 . 1980-01-01 07:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-04 21:23 . 2007-09-30 17:24 548 --sh--r c:\documents and settings\All Users\Application Data\winpage.sys
2009-03-03 00:18 . 1980-01-01 07:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 1980-01-01 07:00 78336 ------w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 1980-01-01 07:00 1846272 ------w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 1980-01-01 07:00 728576 ------w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 1980-01-01 07:00 617984 ------w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 1980-01-01 07:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 1980-01-01 07:00 715264 ------w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 1980-01-01 07:00 2142720 ------w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 1980-01-01 07:00 110592 ------w c:\windows\system32\services.exe
2009-02-06 09:54 . 1980-01-01 07:00 35328 ------w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-04 05:59 2020864 ------w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 1980-01-01 07:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-03 02:38 . 2009-02-03 02:38 10520 ------w c:\windows\system32\avgrsstx.dll
2009-02-03 02:38 . 2008-07-30 02:43 325128 ------w c:\windows\system32\drivers\avgldx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 237568]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-25 31232]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-03 1601304]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-20 148888]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-11-07 106496]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\Chris Barker\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2005-11-1 581693]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-23 24576]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-7-29 135680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-04-13 06:05 49152 ------w c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 20:37 34344 ------w c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 20:02 34080 ------w c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-03 02:38 10520 ------w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 23:20 40448 ------w c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"BLOG"=rundll32 c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
"PWRMGRTR"=rundll32 c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" silent
"AwaySch"=c:\program files\Lenovo\AwayTask\AwaySch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Chris Barker\\My Documents\\Sundry\\Computers\\SOFTWARE\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58836:TCP"= 58836:TCP:*:Disabled:PandoRest Listening Port

R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2007-01-03 25773]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-11 64160]
S0 Shockprf;Shockprf; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-03 325128]
S1 ShockMgr;ShockMgr; [x]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2008-06-10 4442]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-03 298264]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-06-10 94208]
S2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 3456]
S3 swmx01;Sierra Wireless USB MUX Driver (01);c:\windows\system32\DRIVERS\swmx01.sys [2005-11-18 58624]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (01);c:\windows\system32\DRIVERS\SWNC5E01.sys [2005-08-05 73600]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cd0338a-28f7-11de-8e44-00a0d5fffd85}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6da6273e-7a2f-11db-88f1-00a0d5ffff85}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da396452-ef5f-11db-89f1-00130228f8ac}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7b4ddae-04a8-11dd-8c01-00a0d5ffff85}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-05-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-31 21:10]

2008-05-13 c:\windows\Tasks\LifeChatTask.job
- c:\program files\Microsoft LifeChat\LifeChat.exe [2007-01-26 18:31]

2009-05-03 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-07-13 05:40]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 12:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3389589917-1772789297-378458841-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28E32D63-5EBB-ACD6-E5F8-C477A4C384BC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iagodempjgbnkemoee"=hex:64,61,64,63,6d,6a,6b,65,00,70
"iacpcoljpkcedoccad"=hex:6a,61,63,63,6a,6f,6c,64,6b,6d,63,69,6e,6f,61,67,6f,6a,
6b,6d,00,fd
"haebinobgpeoghdo"=hex:6a,61,64,63,6e,6a,69,62,70,64,6a,68,6b,6d,69,6e,65,6a,
61,70,00,fd

[HKEY_USERS\S-1-5-21-3389589917-1772789297-378458841-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43A3970B-9028-6922-647E-A8148B1E0111}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialmfckgjiohajfbpc"=hex:64,61,65,6b,6a,70,68,65,00,60
"iahhfidkfpemiahfgh"=hex:6b,61,65,6b,6f,6f,65,68,62,61,6e,67,69,6a,70,6b,64,63,
6a,6a,70,62,00,00
"hajhpjkokhdjapjj"=hex:6a,61,65,6b,69,70,6b,61,6b,63,63,6d,6d,69,6f,63,62,61,
61,68,00,fd
"eaphfkomek"=hex:61,62,67,68,61,6a,69,67,6f,65,66,6d,6c,6c,6f,66,69,68,70,68,
64,69,6a,64,66,61,65,62,68,69,6a,68,64,6f,00,00
"cakmhg"=hex:6f,61,68,6b,6f,6f,6d,62,61,67,69,6f,6d,66,6b,6a,68,61,69,65,6b,67,
6f,68,64,67,6c,65,62,6e,00,00

[HKEY_USERS\S-1-5-21-3389589917-1772789297-378458841-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CF9B06E-0060-752D-9013-EBBD301C3328}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabamnemgbhlpmgcdk"=hex:64,61,67,65,69,65,62,69,00,70
"ianocjpedamalhakep"=hex:6a,61,62,67,6a,64,6f,6e,6f,66,64,70,70,65,63,6a,68,6d,
66,68,00,fd
"halbgnnaaidgaggi"=hex:6a,61,67,65,6e,63,6b,65,61,63,64,61,65,6b,6f,68,67,65,
66,67,00,fd

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\x*A* ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1680)
c:\windows\system32\vrlogon.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(1760)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-05-03 12:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-03 16:53
ComboFix2.txt 2009-04-04 19:50

Pre-Run: 53,673,680,896 bytes free
Post-Run: 53,682,716,672 bytes free

478 --- E O F --- 2009-04-30 03:51




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:21 PM, on 5/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149470612359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232746723187
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.adoramapix.com/components/aurig...geUploader4.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11126 bytes



